From 4e5c583dcfdd6307f1093f80a9e1d1ff0480cc7d Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Mon, 8 Aug 2011 17:28:54 -0400
Subject: [PATCH] Sanitize filenames before using in Content-Disposition header
---
 transformation_wrapper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/transformation_wrapper.php b/transformation_wrapper.php
index 3699dd091..f04c8acac 100644
--- a/transformation_wrapper.php
+++ b/transformation_wrapper.php
@@ -68,7 +68,7 @@ if (isset($ct) && !empty($ct)) {
 header($content_type);
 if (isset($cn) && !empty($cn)) {
- header('Content-Disposition: attachment; filename=' . $cn);
+ header('Content-Disposition: attachment; filename=' . PMA_sanitize_filename($cn));
 }
 if (!isset($resize)) {
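Review bot: The sanitized name is still emitted as an unquoted `filename=` parameter on the added line, so whether a value containing spaces, `;` or `"` can change how the header is parsed depends entirely on what `PMA_sanitize_filename()` strips, and that function is not visible in this hunk. Quoting the value keeps the parameter well-formed for any name the sanitizer lets through: `header('Content-Disposition: attachment; filename="' . PMA_sanitize_filename($cn) . '"');`. The context line `header($content_type);` just above deserves the same scrutiny if `$content_type` is built from a request-supplied `$ct`, which the hunk does not show. The enclosing `if (isset($ct) && !empty($ct))` block starts and ends outside the hunk.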